#! /usr/bin/perl

#also enable strict mode
use strict;

#use the HMTLSubs package and DBQueries package
use HTMLSubs;
use DBQueries;
use CGI;

#create new cgi object
my $CGIHandle = new CGI;

#ensure that input is not blank which would mean that the site is illegally accessed
if(scalar($CGIHandle->param) == 0){
	
	#if so, redirect to login
	print CGI -> redirect("login.pl.cgi");
}


#get parameters
my $username = $CGIHandle -> param('username');
my $group_name = $CGIHandle -> param('groupName');
my @user_names = $CGIHandle -> param('usersToAdd');

#declare display title to send correct info to user
my $display_message = "";

#determine if there was a user passed back to the script
if(scalar(@user_names) != 0){
	
	#loop through ids and take appropriate action
	my $current_user_name;
	
	foreach $current_user_name(@user_names){
		
		#add to database
		DBQueries::addUserToGroup($current_user_name, $group_name);
		
		#create title for user
		$display_message .= "Added $current_user_name to $group_name successfully!<br>";
	}
}
#otherwise, no file was selected so act accordingly
else{
	#create title for user
	$display_message = "No user was selected!";
}

#obtain general user info from DB
#declare scalars to hold most important information
my $groups_owned = scalar(DBQueries::getUserCreatedGroups($username));
my $groups_member = scalar(DBQueries::getUserGroups($username));
my $files_owned = scalar(DBQueries::getUserFileNames($username));
my $files_seeable = scalar(DBQueries::getAllUserFileNames($username));
my($first_name, $last_name) = DBQueries::getUserInfo($username);

#call sub to start html document
HTMLSubs->generate_html_beginning();

#call sub to print header
HTMLSubs -> generate_display_head("Document Management System", "Addition of Users to $group_name", $username);

print <<END_HTML;

<!--now display the message to the user-->
<h4>You added the following users:<br>$display_message</h4>
<h4>Please return to your profile or user manager for further action.</h4>
<br>

END_HTML

#create hash for button
my %parameter_hash;
$parameter_hash{'username'} = $username;
$parameter_hash{'groupName'} = $group_name;
	
#call subroutine to display button that returns the user to the profile
HTMLSubs -> generate_html_button("profile.pl.cgi", "Go To profile", \%parameter_hash);

#call subroutine to display button that returns the user to the user manager
HTMLSubs -> generate_html_button("manageGroupUsers.pl.cgi", "Go To User Manager", \%parameter_hash);

#now call method to produce closing html tags
HTMLSubs->generate_html_end();

#subroutine to obtain and determine what information is passed to the script
#to make this more universal, both GET and POST methods are accepted 
#this reads input for both GET and POST
sub obtain_input{

	#declare scalar to hold passed information
	my $input;

	#now retrieve the input through either get or post
	#change the case of request method
	$ENV{'REQUEST_METHOD'} =~ tr/a-z/A-Z/;

	#if post use STDIN
	if ($ENV{'REQUEST_METHOD'} eq "POST"){
		read(STDIN, $input, $ENV{'CONTENT_LENGTH'});

		#exchange plus signs to spaces
		$input =~ s/\+/ /;

		#deal with special characters using the substitution sample provided
		$input =~ s/\%([A-Fa-f0-9]{2})/pack('C', hex($1))/seg;
	}
	#otherwise the env hash
	else{
		$input = $ENV{'QUERY_STRING'};
		
		#exchange plus signs to spaces
		$input =~ s/\+/ /;
		
		#deal with special characters using the substitution sample provided
		$input =~ s/\%([A-Fa-f0-9]{2})/pack('C', hex($1))/seg;
	}
	
	#now return the correct input
	return $input;	
}

